[MDEV-12939] A query crashes MariaDB in Item_func_regex::cleanup
Created: 2017-05-29  Updated: 2018-06-28  Resolved: 2017-07-05

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.2.2, 10.2.6, 10.2
Fix Version/s: 10.2.7

Type: Bug
Priority: Major
Reporter: Denis
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: crash
Environment: Windows Server 2012 R2 64 bit

Attachments: File report[1].wer    
Issue Links:
Duplicate
duplicates MDEV-13144 regexp on views - crashed mariadb server Closed
Relates
relates to MDEV-16611 Crash on Stored Procedure calling Vie... Closed

 Description   

MariaDB crashes silently, nothing in MariaDB log.
Windows Event Log:

Faulting application name: mysqld.exe, version: 10.2.6.0, time stamp: 0x5918ebb7
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x900
Faulting application start time: 0x01d2d85c2b53e01b
Faulting application path: C:\WebForce\MariaDB\bin\mysqld.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ce3a50e4-4450-11e7-80cb-00259068c2fb
Faulting package full name: 
Faulting package-relative application ID: 

WER report:

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
 
Problem signature:
P1: mysqld.exe
P2: 10.2.6.0
P3: 5918ebb7
P4: StackHash_6aab
P5: 6.3.9600.18438
P6: 57ae642e
P7: c0000374
P8: PCH_9C_FROM_ntdll+0x0000000000090C6A
P9: 
P10: 
 
Attached files:
 
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mysqld.exe_40864ec89f71876499b2d1917651eb4df4ef6_433f6772_5447a9b4
 
Analysis symbol: 
Rechecking for solution: 0
Report Id: ce3a50e4-4450-11e7-80cb-00259068c2fb
Report Status: 0
Hashed bucket: 

The query:

explain SELECT a
FROM
(
SELECT DISTINCT(gid) a FROM invite_chat
WHERE date_inv between '2017-03-01' and '2017-04-01'
UNION
SELECT DISTINCT(login) a FROM invite_chat
WHERE date_inv between '2017-03-01' and '2017-04-01'
)t1
WHERE a REGEXP '^[0-9]{3,6}$' 

SHOW CREATE TABLE invite_chat

CREATE TABLE `invite_chat` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `login` varchar(25) CHARACTER SET cp1251 DEFAULT NULL,
  `gid` varchar(25) CHARACTER SET cp1251 DEFAULT NULL,
  `mess` text CHARACTER SET cp1251 DEFAULT NULL,
  `date_inv` timestamp NULL DEFAULT NULL,
  `status_` tinyint(1) unsigned DEFAULT 0,
  `last_mess` int(11) unsigned DEFAULT NULL,
  `start` tinyint(4) unsigned DEFAULT 0,
  `end` tinyint(4) unsigned DEFAULT 0,
  `date_change_status` timestamp NULL DEFAULT NULL,
  `checked` tinyint(1) unsigned DEFAULT 0,
  `is_bc_response` tinyint(1) unsigned DEFAULT 0,
  `suspicious` tinyint(1) unsigned DEFAULT 0,
  `update_demand` tinyint(1) unsigned DEFAULT 0,
  `is_camera_on` tinyint(1) unsigned DEFAULT 0,
  `vc_refused` tinyint(1) unsigned DEFAULT 0,
  `half_empty_mins` smallint(5) unsigned DEFAULT 0,
  PRIMARY KEY (`id`) KEY_BLOCK_SIZE=4,
  KEY `date_inv` (`date_inv`) KEY_BLOCK_SIZE=4,
  KEY `gid` (`gid`) USING HASH KEY_BLOCK_SIZE=4,
  KEY `login` (`login`,`gid`) USING HASH KEY_BLOCK_SIZE=4
) ENGINE=InnoDB AUTO_INCREMENT=9838587 DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC `page_compressed`=0



 Comments   
Comment by Vladislav Vaintroub [ 2017-05-29 ]

CamaroSS396, if you happen to have one of the WER dumps (.dmp), it would be helpful if you could attach them.

Comment by Denis [ 2017-05-29 ]

Sorry, no .dmp files available, only .wer file, which I've attached.

Comment by Alice Sherepa [ 2017-05-29 ]

I can repeat on Ubuntu 16.04 - 10.2.5 and 10.2.6.
This is printed in the terminal where 10.2.5 was started:

 Error in `/bin/mysqld': double free or corruption (fasttop): 0x00007fcc8c020430 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fccfae4d7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7fccfae55e0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fccfae5998c]
/bin/mysqld(_ZN15Item_func_regex7cleanupEv+0x43)[0x825c13]
/bin/mysqld(_ZN4Item17cleanup_processorEPv+0x10)[0x7e0670]
/bin/mysqld(_ZN4Item40cleanup_excluding_const_fields_processorEPv+0xd)[0x55678d]
/bin/mysqld(_ZN16Item_func_or_sum4walkEM4ItemFbPvEbS1_+0xae)[0x59dd0e]
/bin/mysqld(_Z25pushdown_cond_for_derivedP3THDP4ItemP10TABLE_LIST+0x334)[0x5c0b44]
/bin/mysqld(_ZN4JOIN14optimize_innerEv+0x6e4)[0x644314]
/bin/mysqld(_ZN4JOIN8optimizeEv+0x57)[0x6477a7]
/bin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xa2)[0x6479c2]
/bin/mysqld(_Z19mysql_explain_unionP3THDP18st_select_lex_unitP13select_result+0x117)[0x648537]
/bin/mysqld[0x5e465d]
/bin/mysqld(_Z21mysql_execute_commandP3THD+0x184e)[0x5e79de]
/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x3a0)[0x5f08e0]
/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x23ca)[0x5f3c1a]
/bin/mysqld(_Z10do_commandP3THD+0x16d)[0x5f445d]
/bin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x235)[0x6d3525]
/bin/mysqld(handle_one_connection+0x3f)[0x6d36ef]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7fccfc0776ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fccfaedc82d]

The error log contains the same trace, e.g. 10.2.6:

170529 11:48:43 [ERROR] mysqld got signal 6 ;
 
Thread pointer: 0x7f6b7c0009a8
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f6be85f8ec8 thread_stack 0x49000
/bin/mysqld(my_print_stacktrace+0x2e)[0xddc65e]
/bin/mysqld(handle_fatal_signal+0x444)[0x7d3374]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f6bed621390]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x38)[0x7f6bec3ab428]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)[0x7f6bec3ad02a]
/lib/x86_64-linux-gnu/libc.so.6(+0x777ea)[0x7f6bec3ed7ea]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7f6bec3f5e0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f6bec3f998c]
/bin/mysqld(_ZN15Item_func_regex7cleanupEv+0x43)[0x826ac3]
/bin/mysqld(_ZN4Item17cleanup_processorEPv+0x10)[0x7e16b0]
/bin/mysqld(_ZN4Item40cleanup_excluding_const_fields_processorEPv+0xd)[0x556aad]
/bin/mysqld(_ZN16Item_func_or_sum4walkEM4ItemFbPvEbS1_+0xae)[0x59e05e]
/bin/mysqld(_Z25pushdown_cond_for_derivedP3THDP4ItemP10TABLE_LIST+0x33f)[0x5c0d2f]
/bin/mysqld(_ZN4JOIN14optimize_innerEv+0x6e6)[0x644756]
/bin/mysqld(_ZN4JOIN8optimizeEv+0x56)[0x647c06]
/bin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xa2)[0x647e32]
/bin/mysqld(_Z19mysql_explain_unionP3THDP18st_select_lex_unitP13select_result+0x117)[0x6489a7]
/bin/mysqld[0x5e4ced]
/bin/mysqld(_Z21mysql_execute_commandP3THD+0x183d)[0x5e7f5d]
/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x3a0)[0x5f0e60]
/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x23ca)[0x5f38ba]
/bin/mysqld(_Z10do_commandP3THD+0x16d)[0x5f40fd]
/bin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x235)[0x6d39a5]
/bin/mysqld(handle_one_connection+0x3f)[0x6d3b6f]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f6bed6176ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f6bec47c82d]

Comment by Alice Sherepa [ 2017-05-29 ]

I simplified the query and got the same problem:

SELECT a FROM
	(SELECT "aa" a) t
WHERE a REGEXP '[0-9]';

Comment by Elena Stepanova [ 2017-06-02 ]

10.2 debug aad8cefd2d0

Error: Freeing overrun buffer  0x55f237cf7892, 0x55f237ce504c, 0x55f237239580, 0x55f2375d67f6, mysys/safemalloc.c:194, sql/item_cmpfunc.h:2090, sql/sql_class.cc:3523, sql/sql_class.cc:2146
Allocated at sql/mysqld.cc:3643, 0x7f0c1a5fb4c3, sql/item_cmpfunc.cc:5420, sql/item_cmpfunc.cc:5441, sql/item_cmpfunc.cc:5619, sql/item_cmpfunc.cc:5642, 0x55f2375f8a5d, sql/item_func.cc:237

10.2 valgrind aad8cefd2d0

==15141== Invalid read of size 8
==15141==    at 0x10E8C1F: malloc_size_and_flag (my_malloc.c:43)
==15141==    by 0x10E91E5: my_free (my_malloc.c:215)
==15141==    by 0x5D45AA: my_str_free_mysqld (mysqld.cc:3648)
==15141==    by 0x982B41: Regexp_processor_pcre::cleanup() (item_cmpfunc.h:2089)
==15141==    by 0x982BDF: Item_func_regex::cleanup() (item_cmpfunc.h:2112)
==15141==    by 0x678F1A: Item::delete_self() (item.h:1788)
==15141==    by 0x670141: Query_arena::free_items() (sql_class.cc:3528)
==15141==    by 0x66B6B6: THD::cleanup_after_query() (sql_class.cc:2144)
==15141==    by 0x6C2455: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7891)
==15141==    by 0x6B03E9: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1812)
==15141==    by 0x6AED59: do_command(THD*) (sql_parse.cc:1362)
==15141==    by 0x7FF290: do_handle_one_connection(CONNECT*) (sql_connect.cc:1354)
==15141==    by 0x7FF01D: handle_one_connection (sql_connect.cc:1260)
==15141==    by 0xC3AB8B: pfs_spawn_thread (pfs.cc:1862)
==15141==    by 0x4E3F493: start_thread (pthread_create.c:333)
==15141==    by 0x6D0893E: clone (clone.S:97)
==15141==  Address 0xda3e9d0 is 0 bytes inside a block of size 112 free'd
==15141==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==15141==    by 0x10E9219: my_free (my_malloc.c:217)
==15141==    by 0x5D45AA: my_str_free_mysqld (mysqld.cc:3648)
==15141==    by 0x982B41: Regexp_processor_pcre::cleanup() (item_cmpfunc.h:2089)
==15141==    by 0x982BDF: Item_func_regex::cleanup() (item_cmpfunc.h:2112)
==15141==    by 0x94331A: Item::cleanup_processor(void*) (item.cc:658)
==15141==    by 0x5EFB15: Item::cleanup_excluding_const_fields_processor(void*) (item.h:1555)
==15141==    by 0x6523D6: Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) (item.h:4116)
==15141==    by 0x685DD4: pushdown_cond_for_derived(THD*, Item*, TABLE_LIST*) (sql_derived.cc:1235)
==15141==    by 0x6F65DF: JOIN::optimize_inner() (sql_select.cc:1334)
==15141==    by 0x6F5860: JOIN::optimize() (sql_select.cc:1085)
==15141==    by 0x6FE8FD: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3654)
==15141==    by 0x6F3177: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
==15141==    by 0x6BE940: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6433)
==15141==    by 0x6B497D: mysql_execute_command(THD*) (sql_parse.cc:3448)
==15141==    by 0x6C2313: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7870)
==15141==  Block was alloc'd at
==15141==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==15141==    by 0x10E8D1D: my_malloc (my_malloc.c:101)
==15141==    by 0x5D4590: my_str_malloc_mysqld (mysqld.cc:3642)
==15141==    by 0x56884C2: pcre_compile2 (in /lib/x86_64-linux-gnu/libpcre.so.3.13.1)
==15141==    by 0x97B241: Regexp_processor_pcre::compile(String*, bool) (item_cmpfunc.cc:5420)
==15141==    by 0x97B398: Regexp_processor_pcre::compile(Item*, bool) (item_cmpfunc.cc:5441)
==15141==    by 0x97BA79: Regexp_processor_pcre::fix_owner(Item_func*, Item*, Item*) (item_cmpfunc.cc:5619)
==15141==    by 0x97BB5D: Item_func_regex::fix_length_and_dec() (item_cmpfunc.cc:5641)
==15141==    by 0x9A5208: Item_func::fix_fields(THD*, Item**) (item_func.cc:236)
==15141==    by 0x64EA0B: setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) (sql_base.cc:7792)
==15141==    by 0x6F3B10: setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*, unsigned int*) (sql_select.cc:637)
==15141==    by 0x6F45C4: JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:817)
==15141==    by 0x6FE8DA: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3646)
==15141==    by 0x6F3177: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
==15141==    by 0x6BE940: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6433)
==15141==    by 0x6B497D: mysql_execute_command(THD*) (sql_parse.cc:3448)
==15141== 
==15141== Invalid free() / delete / delete[] / realloc()
==15141==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==15141==    by 0x10E9219: my_free (my_malloc.c:217)
==15141==    by 0x5D45AA: my_str_free_mysqld (mysqld.cc:3648)
==15141==    by 0x982B41: Regexp_processor_pcre::cleanup() (item_cmpfunc.h:2089)
==15141==    by 0x982BDF: Item_func_regex::cleanup() (item_cmpfunc.h:2112)
==15141==    by 0x678F1A: Item::delete_self() (item.h:1788)
==15141==    by 0x670141: Query_arena::free_items() (sql_class.cc:3528)
==15141==    by 0x66B6B6: THD::cleanup_after_query() (sql_class.cc:2144)
==15141==    by 0x6C2455: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7891)
==15141==    by 0x6B03E9: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1812)
==15141==    by 0x6AED59: do_command(THD*) (sql_parse.cc:1362)
==15141==    by 0x7FF290: do_handle_one_connection(CONNECT*) (sql_connect.cc:1354)
==15141==    by 0x7FF01D: handle_one_connection (sql_connect.cc:1260)
==15141==    by 0xC3AB8B: pfs_spawn_thread (pfs.cc:1862)
==15141==    by 0x4E3F493: start_thread (pthread_create.c:333)
==15141==    by 0x6D0893E: clone (clone.S:97)
==15141==  Address 0xda3e9d0 is 0 bytes inside a block of size 112 free'd
==15141==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==15141==    by 0x10E9219: my_free (my_malloc.c:217)
==15141==    by 0x5D45AA: my_str_free_mysqld (mysqld.cc:3648)
==15141==    by 0x982B41: Regexp_processor_pcre::cleanup() (item_cmpfunc.h:2089)
==15141==    by 0x982BDF: Item_func_regex::cleanup() (item_cmpfunc.h:2112)
==15141==    by 0x94331A: Item::cleanup_processor(void*) (item.cc:658)
==15141==    by 0x5EFB15: Item::cleanup_excluding_const_fields_processor(void*) (item.h:1555)
==15141==    by 0x6523D6: Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) (item.h:4116)
==15141==    by 0x685DD4: pushdown_cond_for_derived(THD*, Item*, TABLE_LIST*) (sql_derived.cc:1235)
==15141==    by 0x6F65DF: JOIN::optimize_inner() (sql_select.cc:1334)
==15141==    by 0x6F5860: JOIN::optimize() (sql_select.cc:1085)
==15141==    by 0x6FE8FD: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3654)
==15141==    by 0x6F3177: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
==15141==    by 0x6BE940: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6433)
==15141==    by 0x6B497D: mysql_execute_command(THD*) (sql_parse.cc:3448)
==15141==    by 0x6C2313: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7870)
==15141==  Block was alloc'd at
==15141==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==15141==    by 0x10E8D1D: my_malloc (my_malloc.c:101)
==15141==    by 0x5D4590: my_str_malloc_mysqld (mysqld.cc:3642)
==15141==    by 0x56884C2: pcre_compile2 (in /lib/x86_64-linux-gnu/libpcre.so.3.13.1)
==15141==    by 0x97B241: Regexp_processor_pcre::compile(String*, bool) (item_cmpfunc.cc:5420)
==15141==    by 0x97B398: Regexp_processor_pcre::compile(Item*, bool) (item_cmpfunc.cc:5441)
==15141==    by 0x97BA79: Regexp_processor_pcre::fix_owner(Item_func*, Item*, Item*) (item_cmpfunc.cc:5619)
==15141==    by 0x97BB5D: Item_func_regex::fix_length_and_dec() (item_cmpfunc.cc:5641)
==15141==    by 0x9A5208: Item_func::fix_fields(THD*, Item**) (item_func.cc:236)
==15141==    by 0x64EA0B: setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) (sql_base.cc:7792)
==15141==    by 0x6F3B10: setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*, unsigned int*) (sql_select.cc:637)
==15141==    by 0x6F45C4: JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:817)
==15141==    by 0x6FE8DA: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3646)
==15141==    by 0x6F3177: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
==15141==    by 0x6BE940: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6433)
==15141==    by 0x6B497D: mysql_execute_command(THD*) (sql_parse.cc:3448)

10.2 non-debug aad8cefd2d0

#2  <signal handler called>
#3  0x00007f37d1378fcf in raise () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007f37d137a3fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007f37d13b6bd0 in __libc_message () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007f37d13bcf96 in malloc_printerr () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007f37d13bd78e in _int_free () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x000055c995b926a0 in cleanup (this=0x7f37b0010768) at /data/src/10.2/sql/item_cmpfunc.h:2089
#9  Item_func_regex::cleanup (this=0x7f37b00106a8) at /data/src/10.2/sql/item_cmpfunc.h:2112
#10 0x000055c99599eedd in delete_self (this=0x7f37b00106a8) at /data/src/10.2/sql/item.h:1788
#11 Query_arena::free_items (this=this@entry=0x7f37b00009c0) at /data/src/10.2/sql/sql_class.cc:3528
#12 0x000055c9959a129b in THD::cleanup_after_query (this=this@entry=0x7f37b00009a8) at /data/src/10.2/sql/sql_class.cc:2144
#13 0x000055c9959d48d7 in mysql_parse (thd=0x7f37b00009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:7891
#14 0x000055c9959d7dac in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f37b00009a8, packet=packet@entry=0x7f37b0006c09 "", packet_length=packet_length@entry=54, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1812
#15 0x000055c9959d86f7 in do_command (thd=0x7f37b00009a8) at /data/src/10.2/sql/sql_parse.cc:1362
#16 0x000055c995a9b834 in do_handle_one_connection (connect=connect@entry=0x55c99888c568) at /data/src/10.2/sql/sql_connect.cc:1354
#17 0x000055c995a9b9d4 in handle_one_connection (arg=arg@entry=0x55c99888c568) at /data/src/10.2/sql/sql_connect.cc:1260
#18 0x000055c995d54574 in pfs_spawn_thread (arg=0x55c998841b88) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#19 0x00007f37d32b6494 in start_thread (arg=0x7f37cc04b700) at pthread_create.c:333
#20 0x00007f37d142e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

The problem apparently appeared in 10.2 with this merge, I didn't dig inside of it:

commit 59d51f0c12d6f2bccc8354079be67c6e520d3675
Merge: fb8bc59 4368efe
Author: Sergei Golubchik <serg@mariadb.org>
Date:   Wed Sep 21 12:54:56 2016 +0200
 
    Merge branch '10.2' into bb-10.2-connector-c-integ-subm
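
The valgrind report above shows Regexp_processor_pcre::cleanup() releasing one pcre_compile2 allocation twice: first under pushdown_cond_for_derived, then under Query_arena::free_items. The C model below is an added illustration of that bug class, not MariaDB code and not the change shipped in 10.2.7. The names regex_item, chk_alloc, chk_free and run_statement are hypothetical, and a quarantining allocator stands in for valgrind so the second release is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Checking allocator (constructed for this example): released blocks are
   quarantined rather than returned to the heap, so a second release of
   the same block is detected and counted without undefined behaviour. */
struct block { int live; struct block *next; };
static struct block *all_blocks;
static int double_frees;

static void *chk_alloc(void) {
    struct block *b = calloc(1, sizeof *b);
    if (!b) abort();
    b->live = 1;
    b->next = all_blocks;
    all_blocks = b;
    return b;
}

static void chk_free(void *p) {
    struct block *b = p;
    if (!b) return;                            /* like free(NULL): no-op */
    if (!b->live) { double_frees++; return; }  /* second release detected */
    b->live = 0;
}

static void chk_reset(void) {   /* really free the quarantine, reset count */
    while (all_blocks) {
        struct block *n = all_blocks->next;
        free(all_blocks);
        all_blocks = n;
    }
    double_frees = 0;
}

/* Hypothetical stand-in for an expression node owning a compiled pattern. */
struct regex_item { void *compiled; };

/* Unsafe: releases the pattern but leaves the stale pointer in the owner. */
static void cleanup_unsafe(struct regex_item *it) { chk_free(it->compiled); }

/* Idempotent: clears the owner's pointer, so a later cleanup is a no-op. */
static void cleanup_idempotent(struct regex_item *it) {
    chk_free(it->compiled);
    it->compiled = NULL;
}

/* Models the two paths in the trace; returns the double frees observed. */
static int run_statement(void (*cleanup)(struct regex_item *)) {
    struct regex_item it = { chk_alloc() };  /* pattern compiled at prepare */
    int seen;
    cleanup(&it);   /* path 1: cleanup during the optimizer's item walk */
    cleanup(&it);   /* path 2: cleanup when the statement's items are freed */
    seen = double_frees;
    chk_reset();
    return seen;
}

int main(void) {
    printf("unsafe cleanup:     %d double free(s)\n", run_statement(cleanup_unsafe));
    printf("idempotent cleanup: %d double free(s)\n", run_statement(cleanup_idempotent));
    return 0;
}
```
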

Comment by Sergei Golubchik [ 2017-06-25 ]

alice, thanks, good test case!
